In previous posts, I’ve described security as a process, not a project. It’s like a cold war that never ends with new threats every day requiring new countermeasures.
As I survey the landscape in 2014, I see much more sophisticated attacks at the same time there is much more severe regulatory enforcement. Where would I put my security dollars this year?
1. Denial of Service/Distributed Denial of Service Mitigation
In many ways the internet was built on the Blanche Dubois (Streetcar Named Desire) principle:
"I have always depended on the kindness of strangers."
No one foresaw evil actors purposely trying to pillage the network for personal gain.
Several companies offer appliances and services to reduce the impact of denial of service attacks. It’s much easier to be proactive and prepared than reactive when an attack hits.
2. Security Information and Event Management
As new security technologies are introduced, there is an explosion of log files produced. Turning that data into action can be a real challenge. If I log in from Boston 5 times on Monday morning and again from Shanghai on Monday afternoon, there is a good possibility my credentials have been stolen. Integration of multiple data streams with threat analysis based on analytic rules is essential to identifying threats and managing them.
3. Intrusion Protection Systems
Today’s threats are subtle and complex. Think about the high profile events of the past few years: Target, Neiman Marcus, and RSA. There were infiltrations of building control systems and carefully crafted spearfishing attacks. Advanced sensors are needed to identify malicious activity, log information about the activity, attempt to block it, and report it.
4. Network Forensics
As events occur, root cause analysis requires specialized tools to reconstruct incidents, identify bad actors, examine actions taken by those actors, and report to appropriate authorities enough information to use in prosecution or to respond to regulatory action.
Endpoint protection is increasingly important given the virulence of malware that includes screen scraping and keystroke logging. In addition to anti-virus, various zero-day protections including malware signature identification and removal processes are essential.
There are a variety of other tasks that need to be accomplished by the IT organization to comply with ISO and NIST HIPAA best practice frameworks including asset management, physical/environmental security, access control, incident management, continuity management, and continuing training/education for all human resources.
Given the intensity of federal and state oversight, a mature security program is no longer a luxury but a requirement to mitigate technical and reputational risks in healthcare.